At it Again: Law Enforcement Officials’ Anti-Encryption New York Times Op-Ed

Yesterday, Manhattan District Attorney Cyrus Vance, Jr. and law enforcement officials from Paris, London, and Madrid published an anti-encryption op-ed in the New York Times—an op-ed that amounts to nothing more than a blatant attempt to use fear mongering to further their anti-privacy, anti-security, and anti-constitutional agenda. They want a backdoor. We want security, privacy, and respect for the Fourth Amendment’s guarantee that we be “secure” in our papers. After all, the Founding Fathers were big users of encryption.

The government’s use of horror stories to convince us that we should unlock our doors and give it free reign to pry inside our lives is nothing new. FBI Director James Comey is notorious for his examples of how cell-phone encryption will lead law enforcement to a “very dark place.” Yesterday’s op-ed adopts Comey’s signature tactic, focusing on the fatal shooting of a man in Illinois in June of this year and suggesting—without any evidence—that but for encryption built into both of the victim’s two phones (both found at the crime scene), police would have been able to track down the shooter. Never mind that of the two devices mentioned in the article, one of them (the Samsung Galaxy S6) isn’t actually encrypted by default.

The op-ed goes on to cite numerous other “examples,” again divorced from any actual facts, of cases in which encryption supposedly “block[ed] justice”—including 74 occasions over a nine-month period in which the Manhattan district attorney’s office encountered locked iPhones. Vance has touted this statistic before. But a spokesperson for his officetold Wired last month that the office handles approximately 100,000 cases in the course of a year, meaning that officials encountered encryption in less than 0.1% of cases. And Vance has never been able to explain how even one of these 74 encrypted iPhones stood in the way of a successful prosecution.

The op-ed faults Apple and Google for attempting to offer their customers strong, user-friendly encryption. An iPhone with iOS8 automatically encrypts text messages, photos, contacts, call history, and other sensitive data though the use of a passcode. But contrary to the suggestion of the op-ed’s authors, Google has already backed off its promise to offer its users encryption by default, and the data on a stock Samsung S6 is accessible to law enforcement via forensic analysis tools.

But what’s more important than the op-ed’s shortage of facts is how out of touch it is with not only the fundamental importance of encryption and how encryption works, but also the U.S. Constitution.

The op-ed calls for an “appropriate balance between the marginal benefits of full-disk encryption and the need for local law enforcement to solve and prosecute crimes.” This single sentence demonstrates the numerous ways in which the authors are untethered from reality.

First, the benefits of encryption are in no way “marginal”—unless you view ensuring the privacy and security of innocent individuals across the globe as trivial goals. The authors here reveal their failure to appreciate the need for encryption to protect against not only security breaches, but also criminals (the folks they are supposed to be protecting us from) and of course pervasive and unconstitutional government surveillance.

Second, when the authors say they want an “appropriate balance,” what they are really asking for is a backdoor—or golden key—to allow government officials to decrypt any encrypted messages. As The Intercept explained in an article outlining the many things wrong with the op-ed, Vance and his counterparts in Paris, London, and Madrid are “demand[ing]—in the name of the ‘safety of our communities’—a magical, mathematically impossible scenario in which communications are safeguarded from everyone except law enforcement.”

We’ve said it before and we’ll say it again: It is technologically impossible to give the government an encryption backdoor without weakening everyone’s security. Computer scientists and cybersecurity experts agree, and have been telling the government as much for nearly two decades. And earlier this year, one Congressman with a technical background called encryption backdoors “technologically stupid." Everyone who understands how encryption works agrees.

Third, law enforcement isn’t currently and won’t in the future “go dark” as a result of encryption. The government voiced the same concerns over encryption stifling criminal investigations during the Crypto Wars of the 1990s—i.e., Crypto Wars, Part I—which saw efforts by the government to prevent the development and distribution of strong consumer encryption technologies. (Protecting your ability to use strong encryption was one of EFF’s very first victories.) Such concerns have proven to be unfounded in the past. Just a few weeks ago, former NSA director Mike McConnell, former Homeland Security director Michael Chertoff, and former deputy defense secretary William Lynn—in a Washington Post op-edin support of ubiquitous encryption—remarked that despite losing Part I of the Crypto Wars,

[T]he sky did not fall, and we did not go dark and deaf. Law enforcement and intelligence officials simply had to face a new future. As witnesses to that new future, we can attest that our security agencies were able to protect national security interests to an even greater extent in the ’90s and into the new century.

The same is true today. And as the former national security officials recognize, “the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring.”

At its core, yesterday’s op-ed demonstrates a fundamentally different vision for the future than the one we have here at EFF. Our vision is for a world where the privacy of communications are protected and where we can use the best tools possible to protect it. The vision of Vance, Comey, and others in the anti-encryption camp is for a world where no one is secure and where everyone is vulnerable. Their vision is not consistent with reality. And we hope the public is not swayed by their fear tactics.

Correction: An earlier version of this post stated that Google would have been able to unlock the specific model of Samsung phone at issue in the Illinois example. While it is not the case that Google could have unlocked the phone (regardless of whether or not it was encrypted), the data on the phone at issue, unless its settings were modified, would have been accessible via forensic analysis tools commonly sold to law enforcement.

Related Updates

Lt. Gen. Paul Nakasone, the new nominee to direct the NSA, faced questions Thursday from the Senate Select Committee on Intelligence about how he would lead the spy agency. One committee member, Senator Ron Wyden (D-OR), asked the nominee if he and his agency could avoid the mistakes of...

It’s Argentina's turn to take a closer look at the practices of their local Internet Service Providers, and how they treat their customers’ personal data when the government comes knocking. Argentina's ¿Quien Defiende Tus Datos? (Who Defends Your Data?) is a project of Asociación por los Derechos Civiles and the...

It’s Argentina's turn to take a closer look at the practices of their local Internet Service Providers, and how they treat their customers’ personal data when the government comes knocking. Argentina's ¿Quien Defiende Tus Datos? (Who Defends Your Data?) is a project of Asociación por los Derechos Civiles and the...

There’s a new, proposed backdoor to our data, which would bypass our Fourth Amendment protections to communications privacy. It is built into a dangerous bill called the CLOUD Act, which would allow police at home and abroad to seize cross-border data without following the privacy rules where the data is...

EFF and 23 other civil liberties organizations sent a letter to Congress urging Members and Senators to oppose the CLOUD Act and any efforts to attach it to other legislation. The CLOUD Act (S. 2383 and H.R. 4943) is a dangerous bill that would tear away global privacy...

The Supreme Court of India has commenced final hearings in the long-standing challenge to India's massive biometric identity apparatus, Aadhaar. Following last August’s ruling in the Puttaswamy case rejecting the Attorney General's contention that privacy was not a fundamental right, a five-judge bench is now weighing in on...

We need to talk about national security secrecy. Right now, there are two memos on everyone’s mind, each with its own version of reality. But the memos are just one piece. How the memos came to be—and why they continue to roil the waters in Congress—is more important. On January...

Today Google launched a new version of its Chrome browser with what they call an "ad filter"—which means that it sometimes blocks ads but is not an "ad blocker." EFF welcomes the elimination of the worst ad formats. But Google's approach here is a band-aid response to the crisis of...

The U.S. Department of Homeland Security (DHS), Customs and Border Protection (CBP) Privacy Office, and Office of Field Operations recently invited privacy stakeholders—including EFF and the ACLU of Northern California—to participate in a briefing and update on how the CBP is implementing its Biometric Entry/Exit Program.
As we’ve written ...